Snort

Snort is one of the telemetry data source parsers that are bundled in Hortonworks
Cybersecurity Platform (HCP).

Snort is a network intrusion prevention system (NIPS). Snort monitors network traffic
and generates alerts based on signatures from community rules. Hortonworks Cybersecurity
Platform (HCP) sends the output of the packet capture probe to Snort. HCP uses the
kafka-console-producer to send these alerts to a Kafka topic. After the Kafka topic
receives Snort alerts, they are retrieved by the parsing topology in Storm.

By default, the Snort parser uses ZoneId.systemDefault() as the source
time zone for the incoming data and MM/dd/yy-HH:mm:ss.SSSSSS as the default
date format. Valid time zones are determined according to the Java
ZoneId.getAvailableZoneIds() values. Date formats should match the pattern options at
https://docs.oracle.com/javase/8/docs/api/java/time/format/DateTimeFormatter.html.
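
The effect of the source time zone on the timestamp an alert ends up with, as an added example that is not HCP's parser code: it parses a constructed Snort-style timestamp with the default date format and converts it to epoch milliseconds under two zones. The class name, method names and sample timestamp are assumptions made for illustration.

```java
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;

public class SnortTimestampDemo {
    // Default date format stated in the documentation above.
    static final String DEFAULT_FORMAT = "MM/dd/yy-HH:mm:ss.SSSSSS";

    // Hypothetical helper: null means "not configured", which falls back to the
    // system default zone; any other value must be in ZoneId.getAvailableZoneIds().
    static ZoneId resolveZone(String name) {
        if (name == null) {
            return ZoneId.systemDefault();
        }
        if (!ZoneId.getAvailableZoneIds().contains(name)) {
            throw new IllegalArgumentException("Unknown time zone: " + name);
        }
        return ZoneId.of(name);
    }

    // Hypothetical helper: Snort timestamps carry no offset, so the zone is
    // supplied from configuration before converting to epoch milliseconds.
    static long toEpochMillis(String timestamp, String format, String zone) {
        DateTimeFormatter formatter = DateTimeFormatter.ofPattern(format);
        LocalDateTime local = LocalDateTime.parse(timestamp, formatter);
        return ZonedDateTime.of(local, resolveZone(zone)).toInstant().toEpochMilli();
    }

    public static void main(String[] args) {
        String sample = "01/27/16-16:01:04.877970"; // constructed sample value
        long asUtc = toEpochMillis(sample, DEFAULT_FORMAT, "UTC");
        long asNewYork = toEpochMillis(sample, DEFAULT_FORMAT, "America/New_York");
        System.out.println("UTC:              " + asUtc);
        System.out.println("America/New_York: " + asNewYork);
        System.out.println("Skew (ms):        " + (asNewYork - asUtc));
        try {
            // A timestamp that does not match the configured format is rejected.
            toEpochMillis("2016-01-27 16:01:04", DEFAULT_FORMAT, "UTC");
        } catch (DateTimeParseException e) {
            System.out.println("Rejected: " + e.getParsedString());
        }
    }
}
```

If the sensor's clock zone differs from the zone the parser assumes, every alert is shifted by the offset between the two, which skews correlation with other telemetry.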

Following is a sample configuration with dateFormat and timeZone explicitly set in the
parser configuration file: